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Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1)D Responsive to communication(s) filed on 25 November 2003 . 
2a)Q This action is FINAL. 2b)[x] This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) 1-19 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) M Claim(s) 1-19 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) D The specification is objected to by the Examiner. 

10) ^1 The drawing(s) filed on 25 November 2003 is/are: a)S accepted or b)D objected to by the Examiner. • 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 
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1 .□ Certified copies of the priority documents have been received. 

2. Q Certified copies of the priority documents have been received in Application No. . 
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application from the International Bureau (PCT Rule 17.2(a)). 
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Application/Control Number: 10/720,447 
Art Unit: 2135 

DETAILED ACTION 

1 . This is in response to the original filing of November 25 th , 2003. 
pending and have been considered below. 

Claim Rejections - 35 USC § 101 

2. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or composition of matter, or 
any new and useful improvement thereof, may obtain a patent therefor, subject to the conditions and 
requirements of this title. 

Claims 1-7 are rejected under 35 U.S.C. 101 because the claimed invention is directed to non- 
statutory subject matter. Claims 1-7 encompass an electronic transmission signal. An electronic 
signal is a form of energy. Energy is not a series of steps or acts and this is not a process. 
Energy is not a physical article or object and as such is not a machine or manufacture. Energy is 
not a combination of substances and therefore not a compilation of matter. Thus, an electronic 
transmission signal does not fall within any of the four categories of invention. Therefore, 
Claims 1-7 recite non-statutory subject matter. 

Claim Rejections - 35 USC § 102 

3. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the 
basis for the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by another filed 
in the United States before the invention by the applicant for patent or (2) a patent granted on an application for 
patent by another filed in the United States before the invention by the applicant for patent, except that an 
international application filed under the treaty defined in section 351(a) shall have the effects for purposes of this 
subsection of an application filed in the United States only if the international application designated the United 
States and was published under Article 2 1(2) of such treaty in the English language. 
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Claims 1-19 are 
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4. Claims 1-19 are rejected under 35 U.S.C. 102(e) as being anticipated by Wong et al. 
(6,578,037). 

Claims 1 and 8: Wong et al discloses a method and computer-readable medium or propagated 
signal having embodied thereon a computer program configured to determine whether. a user is 
permitted to access a business object when executing a software application of an enterprise 
information technology system, the medium or signal comprising one or more code segments 
configured to: 

a. use a permission object(7e. policy group attribute) to determine whether a user 
associated with an entry in user information is permitted to access a data object associated with a 
data object type(7e. objects 218 and 224) [figure 2]; 

b. wherein the entry in the user information associates the user with a user affiliation, the 
permission object identifies: 

i. a user affiliation^, which policy group user is associated to) to which the 
permission object applies [column 6, lines 3-9]; 

ii. a data object type(7e. type of database record) to which the permission object 
applies such that the data object type is associated with multiple attributes(7e. salary 
range, job categories, etc.) and each data object having the data object type is associated 
with the multiple attributes [column 6, lines 29-39]; 

iii. a permission attribute^, salary range, job categories, etc.) identifying one of 
the multiple attributes [column 6, lines 29-39]; 

iv. and a permission value(7e. employee f s salary, employee 's job category, etc.) 
for the permission attribute [column 6, lines 29-39]; 
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c. and the user is permitted to access the data object when: 

i. the user affiliation that is associated with the user is the same user affiliation as 
the user affiliation to which the permission object applies(7e. users affiliated with the 
"Human Resources of Company A " policy group may access employee records of 
employees earning salaries below a threshold) [column 6, lines 29-39]; 

ii. the data object typt(ie. only Company A 's records) of the data object is the 
same data object type as the data object type to which the permission object applies 
[column 6, lines 29-39]; 

iii. and a value(7e. recorded salary of employee 's record is within the range of 
accessible salaries) of an attribute of the multiple attributes associated with the data 
object is consistent with the permission value of the permission attribute and the attribute 
corresponds to the permission attribute [column 6, lines 29-39], 

Claim 13: Wong et ah discloses a computer system for determining whether a user is permitted 
to access a data object when executing a software application of an enterprise information 
technology system, the system comprising: 

a. a data repository (ie. database system 100) for access control information for software 
having data objects, each data object [figure 1]: 

i. being associated with a data object typef/e. only Company A 's records) having 
multiple attributesf/e. salary ranges, job categories, etc.) [column 6, lines 29-39]; 

ii. having multiple attributes^, salary range, job categories, etc.) that are the 
same as the multiple attributes of the data object type to which the data object is 
associated [column 6, lines 29-39]; 
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iii. and having a value associated(7e. employee 's salary, employee 's job category, 
etc.) with each attribute of the multiple attributes [column 6, lines 29-39]; 

b. the data repository including: 

i. user information^, context attribute values) that associates a user affiliation 
with a user of the software application [column 7, lines 46-48]; 

ii. and permission information^. Company A HR policy group) having multiple 
permission objects(7e. policies), each permission object identifying a user affiliation^. 
only users from Company A *s HR department) to which the permission object applies, a 
data object type(7e. only Company A's employee records) to which the permission object 
applies, a permission attribute^, salary range) identifying one of the multiple attributes, 
and a permission valuef/e. employee 's salary) for the permission attribute [column 6, 
lines 29-39]; 

c. and an executable software module that causes: 

i. a comparison of a value of an attribute of the multiple attributes associated with 
a data object to which a user seeks to access such that the attribute corresponds to the 
permission attribute of a permission object with the permission value of the permission 
object(7e. conditions that restrict results returned by a query, thereby restricting access to 
data) [column 5, lines 49-50]; 

ii. and an indication that a user is permitted to access a data object when the value 
of the attribute associated with the data object is consistent with the permission value of 
the permission object(7e. the function checks context value attributes that identify the user 
to determine whether the users is associated with company A) [column 7, lines 41-45]. 
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Claims 2, 9 and 14: Wong et al. discloses a medium or signal, method and system of claims 1, 8 
and 1 3 and further discloses that the one or more code segments are further configured to permit 
the user to access the data object when the value of the attribute of one of the multiple attributes 
associated with the data object is the same as the permission value of the permission attribute^. 
permit users in HR of Company A to access employee records of employees earning salaries 
below a threshold) [column 6, lines 29-39]. 

Claims J, 10 and 15: Wong et al. discloses a medium or signal, method and system of claims 1, 
8 and 13 and further discloses that the one or more code segments are further configured to 
permit the user to access the data object when the value of the attribute of one of the multiple 
attributes associated with the. data object is the within a range specified(7e. range of salaries 
below a threshold) by the permission value of the permission attribute [column 6, lines 29-39], 
Claims 4, 11 and 16: Wong et al. discloses a medium or signal, method and system of claims 1, 
8 and 13 and further discloses that the one or more code segments are further configured to 
permit the user to access the data object when the value of the attribute of one of the multiple 
attributes associated with the data object is one of enumerated values(7e. one of the particular job 
catergories) specified by the permission value of the permission attribute [column 6, lines 29- 
39]. 

Claims 5, 12 and 17: Wong et al. discloses a medium or signal, method and system of claims 1, 
8 and 13 and further discloses that: 

a. the permission object identifies an attribute groupfte. policy groups) having one or 
more attributes of the multiple attributes associated with the data object type(7e. default policy 
groups 150, J 60 and 170) [figure 1]; 



Application/Control Number: 1 0/720,447 Page 7 

Art Unit: 2135 

b. and the one or more code segments are further configured to permit the user to access 
an attribute of the data object only when the attribute of the data object corresponds to an 
attribute of the attribute group of the permission object(7e. permit users in HR of Company A to 
access employee records of employees earning salaries below a threshold) [column 6, lines 29- 
39], 

Claims 6 and 18: Wong et al. discloses a medium or signal and system of claims 5 and 17 and 
further discloses that: 

a. the permission object identifies a second attribute groupie, plurality of policy groups 
and individual policies under each policy group) having one or more attributes of the multiple 
attributes associated with the data object typef/e. default policy groups 150, 160 and 170) [figure 

i]; 

b. a second permission attribute(7e. particular job categories) identifying one of the 
multiple attributes [column 6, lines 29-39]; 

c. and a second permission value(7e. employee *s job category on record) for the second 
permission attribute, associates the second permission attribute and the second permission value 
with the second attribute group, and associates the permission attribute and permission value 
with the attribute group [column 6, lines 29-39]; 

d. and the one or more code segments are further configured to permit the user to access 
an attribute of the data object only when the attribute of the data object corresponds to an 
attribute of the second attribute group of the permission object and a value of an attribute of one 
of the multiple attributes associated with the data object is consistent with the second permission 
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value of the second permission attribute (ie. permit users in HR of Company B to access 
employee records of employees who belong to a particular job category) [column 6, lines 29-39]. 
Claims 7 and 19: Wong gtaL discloses a medium or signal and system of claims 1 and 13 and 
further discloses that the permission object identifies a permitted actionize, access rule of 
particular context attribute value allows users associated with company A to change policy . 
group attributes), and the one or more code segments are further configured to permit the user to 
access the data object and perform an action on the data object when the action is consistent with 
the permitted action identified in the permission object(7e. the function checks context value 
attributes that identify the user to determine whether the user is associate with company A, and 
whether the new value belongs to the particular set of values) [column 7, lines 30-45]. 

Conclusion 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Edward Zee whose telephone number is (571) 270-1686. The 
examiner can normally be reached on Monday through Thursday 9:00AM-5 :00PM EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Kim Y. Vu can be reached on (571) 272-3859. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

EZ 

August 28, 2007 
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SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 



